"The Asrar Al Dardashah plugin supports most of the languages in the world through the use of Unicode encoding, including Arabic, English, Urdu, Pashto, Bengali and Indonesian," stated the announcement, which was posted on several top online Jihadist forums and GIMF's official website.

"The plugin is easy and quick to use, and, like its counterpart, the Asrar Al Mujahideen program, it uses the technical algorithm RSA for asymmetric encryption, which is based [on] a pair of interrelated keys: a public key allocated for encrypting and a private key used for decrypting," GIMF's statement said. "To use the plugin, both of the communicating parties should install and activate the plugin and produce and import the Asrar Al Mujahideen private key into the Asrar Al Dardashah plugin, which automatically produces the corresponding public key of 2048-bit-length for use. It offers a level of encryption which has not been cracked or broken and can be relied upon entirely to protect the confidentiality of sensitive communication[s]."

"The use of encryption software in something as loosely organized as the Al Qaeda and general jihadi networks would only benefit them substantially if they could clean out all the infiltrators, informants and guarantee that everyone was on the same page and used it properly," said Smith. "That's an order they most likely will never be able to fill."

Quite. Technological 'solution' which doesn't address the human element. The guy from the uh... CSISTTP... thingy... needs a good slap and a new line of work.

If members of a group all use a certain application unique to their group... then that application helps them be located and fingerprinted regardless of who makes it or how strong it is for protection.

Isn't the "S" in RSA for Adi Shamir, one of the co-inventors of the RSA encryption scheme? I always find it amusing in a way that those who so espouse hatred towards a given people have no problem using technology created by said people.

Using a so-called encrypted chat prog posted to watched terrorist forums is the same as downloading a "triple hop privacy VPN" from a watched carding forum. Hello feds.

If I remember correctly, no AQ (does AQ even exist anymore?) agent is using encryption. OBL sure didn't, same with the hijackers and their email dropbox scheme. Catching these guys must be the easiest job in the world compared to secret service agents who have to go after skilled euro hackers.

That's right, all you terrorists out there, Osama Bin Laden was tracked down through his dependence on old-school OPSEC and a small trusted circle of cutouts. What you want to do instead is rely on unbreakable encryption that uses math you don't understand. Put everything in the cloud, encrypted, because nobody who's hunting you is really serious about monitoring cyberspace or cracking the flimsy system built around all that hard math. All those computers in Utah use the electricity to find cutouts and dead-drops.

Isn't it obvious that the Israeli added a backdoor to the RSA algorithm? AQ communications would be much more secure if some loyal AQ member read a book or two on cryptography and a book or two on programming, and secured the code for AQ use.

Isn't that about the same as saying in the headlines, "Hey AQ, we can't possibly read your communications if you encrypt them with this plugin! (Pay no attention to the MITM behind the curtain.)"

"import the Asrar Al Mujahideen private key into the Asrar Al Dardashah plugin", emphasis mine. Given that they explicitly mention the public key afterwards that is supposed to be derived from it, it also doesn't look like a simple case of bad reporting.

I suspect that either they are really dumb, or it's a trap for dumb terrorists.

This could be a long-term strategy for populating watch lists (or be used as one if the "Asrar Al Dardashah" plugin wasn't intended as bait by the author). It's possible for people to be naive wannabes now, get serious later, and draw official attention to whatever groups they join.

"a new encryption capability would almost certainly complicate counterterrorism and intelligence missions"

No. Understanding the "old" encryption capabilities well, and using them correctly, would complicate things. If all terrorists were using a new encryption method, that would simply mark them as terrorists.

BlueRaja: From what I know (correct me if I'm wrong), key size is critical with RSA. Large enough/diverse enough key is fine (decryption time is obviously increased). RSA is quicker and, if used correctly, would work well for their needs.